<?php
/**
 * @todo 登陆注销
 * @copyright gaoxiang 2009
 * @author gaoxiang
 * @createdate 2009.03.18
 * @license 本程序遵照Creative Commons 署名-非商业性使用-相同方式共享 2.5 中国大陆 协议，该协议的中文版本可在http://creativecommons.org/licenses/by-nc-sa/2.5/cn/下查看。
 **/
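// Project bootstrap; presumably defines $database and the helpers used further down
// (set_refer, login_echo, login_to, pass_alter) - none of them are defined in this file.
require_once(dirname(dirname(__FILE__)) . '/require/load.php');
// Harden the session cookie before the session starts:
//  - use_only_cookies: never accept a session id passed in the URL
//  - use_strict_mode:  refuse session ids the server did not issue (ignored by PHP versions without it)
//  - cookie_httponly:  keep the session id out of reach of page scripts
// NOTE(review): session.cookie_secure is left at its configured value because this file does
// not show whether the admin area is served only over HTTPS; enable it if it is.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
session_set_cookie_params(7*24*3600); // session cookie lifetime: 7 days, in seconds
session_start();
// Both URLs are built from the first config entry, used here as the URL prefix.
$login_a=$database->arr_config_r[0]. "admin/login.php?log=login";// login URL
$pass_a=$database->arr_config_r[0] . "admin/login.php?log=passalter";// change-password URL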
 /* Work out which action was requested. */
$log_action = "login";// with no ?log= parameter the action defaults to login
if(isset($_GET['log'])){
	$log_action = $_GET['log'];
}
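// Login, logout and password-change handling, selected by $log_action.
if($log_action=="login"){
	// Already logged in: send the visitor back instead of authenticating again.
	if (isset($_SESSION["userid"]) && isset($_SESSION["rights"])){
		set_refer();
		login_echo($_SESSION['referer'],"请不要重复登陆");
	// Login form submitted. isset() keeps a request without ?action= from raising an undefined-index notice.
	}elseif(isset($_GET['action']) && $_GET['action']=='submit'){
		// Accept the user name only as a string; an array-valued field would otherwise be cast to the text "Array".
		if(isset($_POST['user']) && is_string($_POST['user'])){
			// NOTE(review): SECURITY - the user name from the request is concatenated into the SQL
			// text without escaping or binding (SQL injection). The database wrapper's API is not
			// visible in this file, so the value cannot be bound here; this lookup has to move to
			// a parameterized query (or the wrapper's own escaping routine) in the data layer.
			$query= "SELECT id,pass,rights FROM users where user ='" . $_POST['user'] . "' LIMIT 1";
			// Run the lookup once and reuse the row: [0] id, [1] pass, [2] rights.
			$user_row = $database->fetch_row($query);
			if(!$user_row){
				// Unknown user name.
				// NOTE(review): separate messages for "unknown user" and "wrong password" let a
				// client tell valid user names apart; consider one shared message.
				login_echo($login_a,"用户名不存在！请重新输入。");
			}else{
				// A missing, empty or non-string password is treated as a wrong password
				// instead of ending the request with no response at all.
				$supplied_pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
				// NOTE(review): SECURITY - passwords are stored as unsalted MD5. Moving to
				// password_hash()/password_verify() needs a stored-hash migration (and a wider
				// column), which is outside this file.
				// Strict string comparison: with == two different digests that both look
				// numeric can compare as equal.
				if ($supplied_pass !== '' && (string)$user_row[1] === md5($supplied_pass)){
					set_refer();
					// Issue a fresh session id at the moment privileges change, so an id that
					// was known before login is not carried into the authenticated session.
					session_regenerate_id(true);
					if (!empty($_POST["cookietime"])){// "remember for a week" was ticked
						// Same cookie as before, now flagged HttpOnly; the Secure flag follows
						// the session cookie settings currently in force.
						$session_cookie = session_get_cookie_params();
						setcookie(session_name(), session_id(), time() + 7*24*3600, "/", "", $session_cookie['secure'], true);
					}
					$_SESSION["userid"] = $user_row[0];// users.id of the account
					$_SESSION["rights"] = $user_row[2];// permission value of the account
					login_echo($_SESSION['referer'],"登陆成功！");
				}else{
					// Wrong password.
					login_echo($login_a,"密码错误！请重新输入。");
				}
			}
		}else{
			// No user name supplied.
			login_echo($login_a,"请输入用户名。");
		}
	// No form submitted yet: show the login page.
	}else{
		set_refer();
		login_to();
	}
}elseif ($log_action == "logout"){// logout
	if (isset($_SESSION["userid"]) && isset($_SESSION["rights"])){
		set_refer();// record the URL the visitor came from
		unset($_SESSION['userid']);
		unset($_SESSION['rights']);
		// Retire the session id that was used while authenticated.
		session_regenerate_id(true);
		login_echo($database->arr_config_r[0],"注销成功！");
	}else{
		login_echo($database->arr_config_r[0],"你尚未登陆！");
	}
// Change password
}elseif($log_action == "passalter"){
	if (isset($_SESSION["userid"]) && isset($_SESSION["rights"])){
		// Change-password form submitted.
		if(isset($_GET['action']) && $_GET['action']=='submit'){
			// Read each field as a string; a missing or array-valued field becomes ''.
			$old_pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
			$new_pass = (isset($_POST['pass1']) && is_string($_POST['pass1'])) ? $_POST['pass1'] : '';
			$new_pass_repeat = (isset($_POST['pass2']) && is_string($_POST['pass2'])) ? $_POST['pass2'] : '';
			// Strict comparison: with != two different numeric-looking entries
			// (for example "1000" and "1e3") would be accepted as the same password.
			if($new_pass !== $new_pass_repeat){
				login_echo($pass_a,"新密码两次输入不一致，请重新输入！");
			}elseif($new_pass === ''){
				login_echo($pass_a,"新密码不能为空，请重新输入！");
			}elseif(strlen($new_pass)<6){// minimum length, counted in bytes
				login_echo($pass_a,"新密码不能为小于6个字符，请重新输入！");
			}else{
				// $_SESSION["userid"] is the id column value stored at login, not request data.
				$query= "SELECT pass FROM users where id ='" . $_SESSION["userid"] . "' LIMIT 1";
				$stored = $database->fetch_row($query);
				// The current password must match before anything is written.
				if ($stored && (string)$stored[0] === md5($old_pass)){
					// md5() returns hexadecimal characters only, so the digest cannot break the SQL literal.
					// NOTE(review): SECURITY - unsalted MD5 storage; see the login branch.
					$pass_altered = md5($new_pass);
					$database->write_table("UPDATE users SET pass = '" . $pass_altered ."' where id = '" .  $_SESSION["userid"] ."' LIMIT 1");
					// Force a fresh login with the new password.
					unset($_SESSION['userid']);
					unset($_SESSION['rights']);
					login_echo($login_a ,"修改成功，请重新登陆！");
				}else{// current password is wrong
					login_echo($pass_a,"原密码错误！请重新输入。");
				}
			}
		}else{
			// No form submitted yet: show the change-password page.
			pass_alter();
		}
	}else{
		// Not logged in.
		login_echo($login_a,"你尚未登陆！");
	}
}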
?>